11/18/25: Update your Snowflake log source configuration

Last updated: November 18, 2025

Snowflake is deprecating single-factor password sign-ins and untagged service accounts. You may need to take action to ensure your configuration aligns with Snowflake’s updated requirements.

To comply with Snowflake's updated requirements, you'll need to take the following actions:

Update to use RSA key pair authentication.
- Snowflake is deprecating password-based authentication for service accounts. If your Panther log source currently uses password-based authentication, you must switch to RSA key pair authentication.
- You can switch to RSA key pair authentication directly in Panther using the Rotate RSA Key button. For detailed instructions, see our documentation.
Ensure your user's type is SERVICE
- Snowflake now requires service accounts to have the TYPE property set to TYPE = 'SERVICE'.
- Run the following command in Snowflake to verify your account type:
```
DESCRIBE USER <user>;
```
  - If the type is not SERVICE, update it using:
```
ALTER USER <user> SET TYPE = 'SERVICE';
```
    This command is safe to run even if the account is already correctly configured.

You can find your Snowflake user name in the Panther Console by navigating to Configure > Log Sources. Select the Snowflake log source from the list and then click on the Configuration tab.

If you need guidance on updating your Snowflake source in Panther, please reach out to our support team.